This is where I started my cybersecurity journey. It was thanks to my senior at NUS (if you are reading this, then thank you Mr Cuong) who invited me to the Advent Of Cyber 3 event in the winter of 2021. A highlight (albeit a bit embarrassing to see this again) is this walkthrough of Advent Of Cyber 3, Day 24.
I would highly suggest this place if you are looking for some beginner-friendly place to start your journey in Cyber Security. The site teaches a lot of concepts that is essential in understanding the current Cyber Security landscape. Also, the knowledge is hands-on, meaning that we can take the concepts to try to breach into some vulnerable machines on the site.
A huge range of topics are covered on TryHackMe, which I can't really go into details here. You can check it out on your own at this link. The site's content is leaning a lot into the world of Pentesting, hence the name of the category. Most of the toolings used in Web, Privilege Escalation, or general pentesting softwares like Metasploit are covered in great detail!
I grinded the site for the entire winter vacation, and managed to get into top 50 Singapore at some point! My profile is at this link. The following is the certificates of the courses I have taken on the site
| Pathways | Concepts covered |
|---|---|
| Pre Security | Cyber security basics, Networking basics and weaknesses, Web and common attacks, Linux |
| Complete Beginner | Basic Linux, Learn web application security concepts through the OWASP Top 10, Using essential tools like NMAP to enumerate infrastructure, Using Python and Bash for scripting, Privilege Escalation |
| CompTIA Pentest+ | Industry standard penetration testing tools, Identifying and exploiting different network services, Exploiting web applications through today’s most common vulnerabilities, Understanding Windows active directory and attacking Kerberos, Post exploitation techniques (with Powerview, Bloodhound and Mimikatz) |
| Jr Penetration Tester | Higher level of the above concepts |
| Cyber Defense | Blue team concepts. Specifically Threat and Vulnerability Management, Security Operations and Monitoring, Threat Emulation, Incident Response & Forensics, Malware Analysis and Reverse Engineering |
For the last 2 courses, I unfortunately ran out of time for doing them. Jr Penetration Tester is 94% complete, whereas Cyber Defense is 60%. I will for sure revisit the courses in the future!
For the writeups, I think a lot of them are available online with just a few Google searches, so I will not include them here.
